Home > Articles > Operating Systems, Server > Linux/UNIX/Open Source

  • Print
  • + Share This
From the author of

From the author of

4. Monitor Security Mailing Lists

Security risks can show up at any time. Tomorrow, a new hole might be found in Microsoft's IIS Web server. Heck, somebody might find a new way to exploit an old hole in Apache and make it something worth worrying about again. Complex interactions between large pieces of software are ill-understood, and it might be days or weeks before there's agreement on whether or not something is a security hole. In short, current information is necessary, albeit not sufficient, if you want to secure your systems.

Shortly after a new exploit is made available, or a hole is announced, hundreds if not thousands of little cracker weenies will read all about it and try it on any machine they can find. If you're not reading the same mailing lists they are, it might be weeks before you know—and by then it might be too late.

The premier security mailing list is Bugtraq, a high-volume (sometimes dozens of messages a day) free-for-all discussion of computer security. Santoni says, "We follow Bugtraq very closely. It is an excellent resource not only for the open source world, but to get a good understanding of the types of security problems encountered on all platforms… It contains the latest vulnerabilities, holes, locations of patches, advisories, tools, and full disclosure discussions."

If there's too much volume for you on Bugtraq, or if you're afraid of missing the signal in all that noise, SecurityFocus has a weekly digest of important threads from Bugtraq and other important security mailing lists. It contains a brief summary of each issue and a URL for an archived copy of the appropriate discussion. Because it's such a major issue, there's a separate NT Bugtraq mailing list.

Other useful resources are the mailing lists from SANS (Systems and Network Security) Institute, CERT (The Computer Emergency Response Team), and CIAC (Computer Incident Advisory Capability). SANS has several weekly lists to which you may subscribe, and CERT and CIAC send out occasional announcements of security holes for all platforms.

He who hesitates is lost, and so is he who hasn't been listening. The twenty minutes or so a day you may need to dedicate to security mailing lists will pay itself back in time not spent restoring hacked machines.

NOTE: Places to Find Security Mailing Lists

Bugtraq and SecurityFocus

http://www.securityfocus.com/

SANS Institute

http://www.sans.org/

Computer Emergency Response Team (CERT)

http://www.cert.org/

Computer Incident Advisory Capability (CIAC)

http://ciac.llnl.gov/

All in all, these four steps provide a basis upon which you can act to secure your systems. They are, again, necessary but not sufficient to secure your machines from intrusion.

  • + Share This
  • 🔖 Save To Your Account